Homepage
About Snyk

Always-Incorrect Control Flow Implementation Affecting directus package, versions <10.8.3

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.04% (10th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-DIRECTUS-6356275
  • published 3 Mar 2024
  • disclosed 1 Mar 2024
  • credit Julian Hector
Report a new vulnerability Found a mistake?

Introduced: 1 Mar 2024

CVE-2024-27295 Open this link in a new tab
CWE-670 Open this link in a new tab

How to fix?

Upgrade directus to version 10.8.3 or higher.

Overview

directus is a Directus is a real-time API and App dashboard for managing SQL database content.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the password reset mechanism implementation combined with default database configurations in MySQL and MariaDB. This allows attackers in possession of a known good email address to redirect a password reset email intended for a victim by registering a similar email address with alternative characters that are considered equivalent to the same ones as characters in the stored email address, by the database engine. The API uses the supplied email address for sending the reset password mail instead of the email address from the database.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
6.5 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    Low
  • Availability (A)
    None